Are you starting apache as root and changing the user ID ?
If so, you will not get a core file from httpd - or any other process for
that
matter. It is considered a security weakness to be able to have a user
examine a core file from program that was once run as root.
I have used a dumb technique that works - I have apache catch all the
signals (segv etc) and then call kill(SIGSTOP) on itself. With a bit of
gdb'ing it seems to work.
The only reason for httpd to run as root as far as I can tell is so that it
can bind to port 80 and 443 which are priviledged ports. Other solutions
I thought about was to patch the kernel and specifically allow 80 and 443
binding by non-priviledged users or to patch apache and use file descriptor
passing (either by exec or ipc messages) and have a program that program
run as root.
Anyhow, it sux.
Philip Payne wrote:
> Hi,
>
> Does anyone have any suggestions on what else I can try to get a core
> dump to track down a segmentation fault????
>
> I've tried the various suggestions in the mod_ssl FAQ including:
> 1) Setting CoreDumpDirectory to /tmp
> 2) Starting Apache as a non-root user (Apache failed to start because
> of privilege problems).
> 3) Running the child servers as root (Apache refused to start for
> security reasons).
> 4) Starting Apache in single-process mode using httpd -X .
> but the segmentation fault fails to produce a core dump.
>
> I'm using Apache/1.3.11 (Unix) PyApache/4.19 mod_ssl/2.5.1 OpenSSL/0.9.5
> on Redhat Linux 6.1.
>
> I'm running a single Apache server for both non-SSL and SSL access.
>
> It all works perfectly except that child servers die with (e.g.):
> [notice] child pid 3732 exit signal Segmentation fault (11)
> under the following conditions which are 100% reproducible:
> 1) The child server has been used for at least one SSL access.
> 2) The child server receives a non-SSL CGI POST request ==>
> segmentation fault.
> CGI GET requests don't have this problem.
>
> OpenSSL was a absolutely standard install.
>
> mm was installed using:
> ./configure --disable-shared
> make
>
> mod_ssl was installed using:
> ./configure \
> --with-apache=../apache_1.3.11 \
> --with-ssl=../openssl-0.9.5 \
> --with-mm=../mm-1.0.12 \
> --prefix=/usr/local/apache \
> --disable-rule=SSL_COMPAT \
> --enable-rule=SSL_SDBM
> cd Apache directory
> make
> make certificate TYPE=test
> make install
>
> httpd -V gives:
> Server version: Apache/1.3.11 (Unix)
> Server built: Mar 31 2000 11:12:41
> Server's Module Magic Number: 19990320:6
> Server compiled with....
> -D EAPI
> -D EAPI_MM
> -D EAPI_MM_CORE_PATH="logs/httpd.mm"
> -D HAVE_MMAP
> -D HAVE_SHMGET
> -D USE_SHMGET_SCOREBOARD
> -D USE_MMAP_FILES
> -D USE_FCNTL_SERIALIZED_ACCEPT
> -D HTTPD_ROOT="/usr/local/apache"
> -D SUEXEC_BIN="/usr/local/apache/bin/suexec"
> -D DEFAULT_PIDLOG="logs/httpd.pid"
> -D DEFAULT_SCOREBOARD="logs/httpd.scoreboard"
> -D DEFAULT_LOCKFILE="logs/httpd.lock"
> -D DEFAULT_XFERLOG="logs/access_log"
> -D DEFAULT_ERRORLOG="logs/error_log"
> -D TYPES_CONFIG_FILE="conf/mime.types"
> -D SERVER_CONFIG_FILE="conf/httpd.conf"
> -D ACCESS_CONFIG_FILE="conf/access.conf"
> -D RESOURCE_CONFIG_FILE="conf/srm.conf"
>
> Thanks and regards,
> Philip Payne
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
